WHAT IS CLAIMED IS: 



1. A method of analyzing and deciypting a malicious encryption script, comprising the 

steps of: 

5 classifying a malicious script encryption method into a case where a decryption function 

exists in malicious scripts and is an independent function that is not dependent on the external 
codes such as run time library, a case where a decryption function exists and is a dependent 
function that is dependent on external codes, and a case where a decryption function does not 
exist; and 

10 if the decryption function exists in malicious scripts and is the independent function that 

is not dependent on the external codes, extracting a call expression and a fianction definition for 
the independent function, executing or emulating the extracted call expression and function 
definition for the independent function, and obtaining a decrypted script by putting a result value 
based on the execution or emulation into an original script at which an original call expression is 

15 located. 

2. The method according to claim 1, v^erein whether there exists the dependency of the 
decryption function on the external codes is determined based on whether there exists the 
dependency of all codes within the decryption fimction on the extemal codes, whether actual 

20 parameters for decryption fimction call in all program are constants, and whether only functions 
with no side effects in the decryption function are called. 

3. The method according to claim 2, wherein upon determination of the dependency of 
all codes within the decryption function on the extemal codes, all codes within fimction Fj are 

25 detemiined as having no dependency on the extemal codes if fimction Fj satisfies the following 
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formula: 

Vifl Ei = c|), 

where Vj is a set of global variables defined or used in function Fi, and is obtained 
according to the following formula: 
5 Vi = Ai-Di,and 

Ei is a set of variables defined or used in an external region of function Fj and is obtained 
according to the following formula: 

where n is the number of functions defined in the script, 
10 Fi is an i-th defined function in the script (1 < i < n), 

Ai is a set of all variables defined or used in fiinction Fi (1 :^ i :^ n), 
Di is a set ofall variables declared as Dim in function Fi(l :^ i^ n),and 
Vo is a set of variables defined or used in a global region which does not belong to any 
fiinction. 
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